CVE-2015-5259 - OpenCVE

Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote attackers to execute arbitrary code via an svn:// protocol string, which triggers a heap-based buffer overflow and an out-of-bounds read.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Complete

AV:N/AC:L/Au:N/C:P/I:P/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Apache	Subversion

Configuration 1 [-]

OR	cpe:2.3:a:apache:subversion:1.9.0:::::::*
	cpe:2.3:a:apache:subversion:1.9.1:::::::*
	cpe:2.3:a:apache:subversion:1.9.2:::::::*

References

Link	Resource
http://subversion.apache.org/security/CVE-2015-5259-advisory.txt	Vendor Advisory
http://www.securityfocus.com/bid/82300
http://www.securitytracker.com/id/1034469
https://security.gentoo.org/glsa/201610-05

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2016-01-08T19:00:00

Updated: 2017-06-30T16:57:01

Reserved: 2015-07-01T00:00:00

Link: CVE-2015-5259

JSON object: View

NVD Information

Status : Modified

Published: 2016-01-08T19:59:01.410

Modified: 2017-07-01T01:29:19.123

Link: CVE-2015-5259

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-12-15T00:00:00", "descriptions": [{"lang": "en", "value": "Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote attackers to execute arbitrary code via an svn:// protocol string, which triggers a heap-based buffer overflow and an out-of-bounds read."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-06-30T16:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://subversion.apache.org/security/CVE-2015-5259-advisory.txt"}, {"name": "1034469", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1034469"}, {"name": "82300", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/82300"}, {"name": "GLSA-201610-05", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201610-05"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-5259", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote attackers to execute arbitrary code via an svn:// protocol string, which triggers a heap-based buffer overflow and an out-of-bounds read."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://subversion.apache.org/security/CVE-2015-5259-advisory.txt", "refsource": "CONFIRM", "url": "http://subversion.apache.org/security/CVE-2015-5259-advisory.txt"}, {"name": "1034469", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034469"}, {"name": "82300", "refsource": "BID", "url": "http://www.securityfocus.com/bid/82300"}, {"name": "GLSA-201610-05", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201610-05"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-5259", "datePublished": "2016-01-08T19:00:00", "dateReserved": "2015-07-01T00:00:00", "dateUpdated": "2017-06-30T16:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:subversion:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "892FF423-1848-4E69-8C4C-E1972B656196", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "9ACF37C7-8752-4A8F-B7E3-2E813C4A0DF0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:subversion:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "74200C33-9505-48EB-964D-6CA28C7F6DB8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote attackers to execute arbitrary code via an svn:// protocol string, which triggers a heap-based buffer overflow and an out-of-bounds read."}, {"lang": "es", "value": "Desbordamiento de entero en la funci\u00f3n read_string en libsvn_ra_svn/marshal.c en Apache Subversion 1.9.x en versiones anteriores a 1.9.3 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una cadena del protocolo svn://, lo que desencadena un desbordamiento de buffer basado en memoria din\u00e1mica y una lectura fuera de rango."}], "id": "CVE-2015-5259", "lastModified": "2017-07-01T01:29:19.123", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 8.5, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 4.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-01-08T19:59:01.410", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://subversion.apache.org/security/CVE-2015-5259-advisory.txt"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/82300"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id/1034469"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/201610-05"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}